diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2014-09-09 14:37:15 -0300 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2014-09-09 14:37:15 -0300 |
| commit | b40de132a39680cd8d096e14d9f968adac3c82e0 (patch) | |
| tree | 6d25fb1594a31c371686f5a2350ca89836cdfce8 /config/suricata/suricata_post_install.php | |
| parent | 8a33d84b6e7d52e2e7dd414c03428ce6da0296a2 (diff) | |
| parent | 942f82201a14aebc97f872aeddae893b9a1e0a55 (diff) | |
| download | pfsense-packages-b40de132a39680cd8d096e14d9f968adac3c82e0.tar.gz pfsense-packages-b40de132a39680cd8d096e14d9f968adac3c82e0.tar.bz2 pfsense-packages-b40de132a39680cd8d096e14d9f968adac3c82e0.zip | |
Merge pull request #698 from bmeeks8/suricata-2.0.3-v2.0.2
Diffstat (limited to 'config/suricata/suricata_post_install.php')
| -rw-r--r-- | config/suricata/suricata_post_install.php | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php index 7c8d03a5..42f72eca 100644 --- a/config/suricata/suricata_post_install.php +++ b/config/suricata/suricata_post_install.php @@ -116,6 +116,46 @@ safe_mkdir(IPREP_PATH); if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') { log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings...")); update_status(gettext("Saved settings detected...")); + + /****************************************************************/ + /* Do test and fix for duplicate UUIDs if this install was */ + /* impacted by the DUP (clone) bug that generated a duplicate */ + /* UUID for the cloned interface. Also fix any duplicate */ + /* entries in ['rulesets'] for "dns-events.rules". */ + /****************************************************************/ + if (count($config['installedpackages']['suricata']['rule']) > 0) { + $uuids = array(); + $suriconf = &$config['installedpackages']['suricata']['rule']; + foreach ($suriconf as &$suricatacfg) { + // Remove any duplicate ruleset names from earlier bug + $rulesets = explode("||", $suricatacfg['rulesets']); + $suricatacfg['rulesets'] = implode("||", array_keys(array_flip($rulesets))); + + // Now check for and fix a duplicate UUID + $if_real = get_real_interface($suricatacfg['interface']); + if (!isset($uuids[$suricatacfg['uuid']])) { + $uuids[$suricatacfg['uuid']] = $if_real; + continue; + } + else { + // Found a duplicate UUID, so generate a + // new one for the affected interface. + $old_uuid = $suricatacfg['uuid']; + $new_uuid = suricata_generate_id(); + if (file_exists("{$suricatalogdir}suricata_{$if_real}{$old_uuid}/")) + @rename("{$suricatalogdir}suricata_{$if_real}{$old_uuid}/", "{$suricatalogdir}suricata_{$if_real}{$new_uuid}/"); + $suricatacfg['uuid'] = $new_uuid; + $uuids[$new_uuid] = $if_real; + log_error(gettext("[Suricata] updated UUID for interface " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . " from {$old_uuid} to {$new_uuid}.")); + } + } + write_config("Suricata pkg: updated interface UUIDs to eliminate duplicates."); + unset($uuids, $rulesets); + } + /****************************************************************/ + /* End of duplicate UUID and "dns-events.rules" bug fix. */ + /****************************************************************/ + /* Do one-time settings migration for new version configuration */ update_output_window(gettext("Please wait... migrating settings to new configuration...")); include('/usr/local/pkg/suricata/suricata_migrate_config.php'); @@ -198,7 +238,7 @@ if (empty($config['installedpackages']['suricata']['config'][0]['forcekeepsettin conf_mount_ro(); // Update Suricata package version in configuration -$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0"; +$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0.2"; write_config("Suricata pkg: updated GUI package version number."); // Done with post-install, so clear flag |